IBM’s New Cybersecurity Plan: Find Bad Guys Before They Steal

Protecting a company from data theft traditionally involves setting up a secure perimeter. But with computer crime growing in recent years, International Business Machines has a new approach: spotting threats before the crown jewels are stolen.

On Monday, IBM announced a new security product that it says uses data mining and “behavioral analytics” to keep out hackers.

Antivirus software generally looks for “signatures,” or code belonging to known viruses or other malicious software. One problem with this approach is that it is hard to keep ahead of all the new viruses getting cooked up. Symantec, which invented commercial antivirus software a quarter-century ago, now says such tactics are doomed to fail.

IBM’s new security systems work by ingesting massive amounts of publicly available data from computer networks, software and websites, and establishing patterns of normal behavior. Then it looks for irregularities in how the ingested data behave and are being used, IBM Vice President Marc van Zadelhoff said. One example: finding a PDF reader that is abnormally communicating with servers outside of a company’s infrastructure.

Data analytics also can help companies ferret out real attacks among the millions security “events” that happen each week, van Zadelhoff said. When Target was attacked by hackers who stole credit card data from tens of millions of its customers, the retailer security team saw alerts but the company didn’t act on them. IBM’s systems, for example, would prompt a company to act on an alert that data are being sent to an Internet address that is suspicious or known to be associated with computer criminals, van Zadelhoff said.

IBM, which set up its cybersecurity division in 2011, has been building up its technology through several acquisitions, including Q1 Labs, Trusteer and Fiberlink Communications. Sales of IBM’s portfolio of security offerings grew more than 20% in the first quarter, its sixth consecutive quarter of double digit growth. IBM doesn’t break out dollar figures for security software sales.